Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the “tgt_env” variable. This can be exploited by an attacker to delete any file on the Master's process has permissions to.
References
Configurations
No configuration.
History
13 Jun 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-22 | |
Summary |
|
13 Jun 2025, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-13 07:15
Updated : 2025-06-16 12:32
NVD link : CVE-2025-22240
Mitre link : CVE-2025-22240
CVE.ORG link : CVE-2025-22240
JSON object : View
Products Affected
No product.
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')